General

  • Target

    a115a47f2672df1ab7239a1acc98f8d56c178d1c71cd9ea73368443f19ef5f98

  • Size

    321KB

  • Sample

    230923-nv3dfsgg75

  • MD5

    04f280d5c2f1c38c9b72cf9a6a337b76

  • SHA1

    06cefc593ae49fba94ce9de886c62a280f3a6c45

  • SHA256

    a115a47f2672df1ab7239a1acc98f8d56c178d1c71cd9ea73368443f19ef5f98

  • SHA512

    c995622991b4d9e1ef749af971df7ce7b342b060a4f313c63621c608c0a3580a520af3528a6039e06ba93e794e0a11b73d2e101be97e892fc08b30117a9389a7

  • SSDEEP

    3072:reHCeqhrSeku6tC0ttnfvndO/bzshi7lPWga4v7Tlwr8XpLcrt0pB:6HCrh2eku6tC0tt37QPWNWTlwor

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      a115a47f2672df1ab7239a1acc98f8d56c178d1c71cd9ea73368443f19ef5f98

    • Size

      321KB

    • MD5

      04f280d5c2f1c38c9b72cf9a6a337b76

    • SHA1

      06cefc593ae49fba94ce9de886c62a280f3a6c45

    • SHA256

      a115a47f2672df1ab7239a1acc98f8d56c178d1c71cd9ea73368443f19ef5f98

    • SHA512

      c995622991b4d9e1ef749af971df7ce7b342b060a4f313c63621c608c0a3580a520af3528a6039e06ba93e794e0a11b73d2e101be97e892fc08b30117a9389a7

    • SSDEEP

      3072:reHCeqhrSeku6tC0ttnfvndO/bzshi7lPWga4v7Tlwr8XpLcrt0pB:6HCrh2eku6tC0tt37QPWNWTlwor

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks